Personal and Ubiquitous Computing

, Volume 13, Issue 6, pp 435–444 | Cite as

Legal safeguards for privacy and data protection in ambient intelligence

  • Paul De Hert
  • Serge GutwirthEmail author
  • Anna Moscibroda
  • David Wright
  • Gloria González Fuster
Original Article


To get the maximum benefit from ambient intelligence (AmI), we need to anticipate and react to possible drawbacks and threats emerging from the new technologies in order to devise appropriate safeguards. The SWAMI project took a precautionary approach in its exploration of the privacy risks in AmI and sought ways to reduce them. It constructed four “dark scenarios” showing possible negative implications of AmI, notably for privacy protection. Legal analysis of the depicted futures showed the shortcomings of the current legal framework in being able to provide adequate privacy protection in the AmI environment. In this paper, the authors, building upon their involvement in SWAMI research as well as the further advancement of EU privacy analysis, identify various outstanding issues regarding the legal framework that still need to be resolved in order to deal with AmI in an equitable and efficacious way. This article points out some of the lacunae in the legal framework and postulates several privacy-specific safeguards aimed at overcoming them.


Personal Data Data Protection Privacy Protection Ambient Intelligence Electronic Product Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Article 29 Data Protection Working Party (2007) Opinion 4/2007 on the concept of personal data. (01248/07/EN WP 136)
  2. 2.
    Article 29 Data Protection Working Party (2005) Working document on data protection issues related to RFID technology. (10107/05/EN WP 105)., last accessed 02.07.2007
  3. 3.
    Article 29 Data Protection Working Party (2004) Opinion on more harmonised information provisions. (11987/04/EN-WP 100).
  4. 4.
    Bauer M, Meints M, Hansen M (eds) (2005) Structured overview on prototypes and concepts of identity management systems, Future of Identity in the Information Society (FIDIS) Deliverable D3.1.
  5. 5.
    Beslay L, Hakala H (2003) Digital territory: bubbles. (draft version available at, last accessed on 02.07.2007
  6. 6.
    Beslay L, Punie Y (2003) The virtual residence: identity, privacy and security. In: Security and privacy for the citizen in the post-september 11 digital age: a prospective overview, IPTS report to the European Parliament Committee on Citizens’ Freedoms and Rights, Justice and Home Affairs (LIBE)., last accessed 02.07.2007
  7. 7.
    Bryce C, Dekker M, Etalle S, Le Metayer D, Le Mouel MF, Minier M, Moret-Bailly J, Ubeda S (2007) Ubiquitous privacy protection: position paper. In: Bajart A, Muller H, Strang T (eds) UbiComp 2007 Workshops Proceedings, Innsbruck, Austria September 2007, pp 397–402Google Scholar
  8. 8.
    Centre for democracy and technology (CDT) Working Group on RFID (2006) Privacy best practices for deployment of RFID technology, interim draft., last accessed 02.07.2007
  9. 9.
    Casassa Mont M, Pearson S, Bramhall P (2003) Towards accountable management of identity and privacy: sticky policies and enforcable tracing services, HP labs technical reports, HPL–2003-49, Bristol 2003.
  10. 10.
    Daskala B, Maghiros I (2007) Digital territories: towards the protection of public and private spaces in a digital and ambient intelligence environment. EUR 22765 EN
  11. 11.
    De Hert P (2006) What are the risks and what guarantees need to be put in place in view of interoperability of police databases? Standard Briefing Note ‘JHA & Data Protection’, No. 1, produced on behalf of the European ParliamentGoogle Scholar
  12. 12.
    De Hert P, Gutwirth S (2003) Making sense of privacy and data protection: a prospective overview in the light of the future of identity, location-based services and virtual residence. In: Security and privacy for the citizen in the post-September 11 digital age: a prospective overview, IPTS Report to the European Parliament Committee on Citizens’ Freedoms and Rights, Justice and Home Affairs (LIBE)., last acccessed 02.07.2007
  13. 13.
    De Hert P, Gutwirth S (2005) Privacy, data protection and law enforcement. Opacity of the individual and transparency of power. In: Claes E, Duff A, Gutwirth S (eds) Privacy and the criminal law. Oxford, AntwerpGoogle Scholar
  14. 14.
    EPCglobal Ltd. (2007) Guidelines regarding privacy in RFID technology., last accessed 02.07.2007
  15. 15.
    Faull J (2007) Heard by the House of Lords, minutes of evidence taken before the Select Committee of the European Union (Sub-Committee F), The EU-US PRN Agreement, 22 March 2007, p 5., last consulted 02.07.2007
  16. 16.
    Gutwirth S (2002) Privacy and the information age, Lanham/Boulder/New York/Oxford, Rowman & Littlefield Publ. 158 pGoogle Scholar
  17. 17.
    Gutwirth S, De Hert P (2008) Regulating profiling in a democratic constitutional state In: Hildebrandt M, Gutwirth S (eds) Profiling the European citizen. Cross disciplinary perspectives, Springer Press, Dordrecht, pp 271–291Google Scholar
  18. 18.
    Han J, Shah A, Luk M, Perrig A (2007) Don’t sweat your privacy, using humidity to detect human presence. In: Bajart A, Muller H, Strang S (eds) UbiComp 2007 Workshops Proceedings, Innsbruck, Austria, pp 422–427Google Scholar
  19. 19.
    Hansen M, Krasemann H (eds) (2005) Privacy and identity management for europe, PRIME White Paper. Deliverable 15.1Google Scholar
  20. 20.
    Hildebrandt M (2006) “Profiles and correlatable humans”. In: Stehr N (ed) Who owns knowledge? Transaction Books, New BrunswickGoogle Scholar
  21. 21.
    Hildebrandt M, Backhouse J (eds) (2005) Descriptive analysis and inventory of profiling practices, FIDIS (Future of Identity in the Information Society) Deliverable D7.2,
  22. 22.
    Hildebrandt M, Koops BJ (eds) A vision of ambient law, FIDIS (Future of Identity in the Information Society) D7.9, version as of 15.11.2007 (
  23. 23.
    Hildebrandt M, Meints M (eds) (2006) RFID, profiling, and AmI, FIDIS (Future of Identity in the Information Society) Deliverable D7.7.
  24. 24.
    Kardasiadou Z, Talidou Z (2006) Report on legal issues of RFID Technology, LEGAL IST (Legal Issues for the Advancement of Information Society Technologies). Deliverable 15Google Scholar
  25. 25.
    Lahlou S (2005) Living in a goldfish bowl: lessons learned about privacy issues in a privacy-challenged environment, Workshop on UbiComp Privacy, privacy in contextGoogle Scholar
  26. 26.
    Lahlou S, Langheinrich M, Rocker C (2005) Privacy and trust issues with invisible computers. Commun ACM 40(3):59–60CrossRefGoogle Scholar
  27. 27.
    Leenes R, Schallabock J, Hansen M (2007) Prime white paper v2., 2007., last accessed 02.07.2007
  28. 28.
    Meints M (2006) AmI: the European perspective on data protection legislation and privacy policies, presentation at the SWAMI International Conference on Safeguards in a World of Ambient Intelligence, 21Google Scholar
  29. 29.
    Müller G, Wohlgemuth S (eds) (2005) Study on mobile identity management, FIDIS (Future of Identity in the Information Society) Deliverable D3.3.
  30. 30.
    Rouvroy A (2007) Privacy, data protection, and the unprecedented challenges of ambient intelligence, 11 September, available at SSRN:
  31. 31.
    Schreurs W, Hildebrandt M, Gasson M, Warwick K (eds) (2005) Report on actual and possible profiling techniques in the field of ambient intelligence, FIDIS (Future of Identity in the Information Society) Deliverable D7.3.
  32. 32.
    Wright D, Gutwirth S, Friedewald M, Punie Y, Vildjiounaite E (eds) (2008) Safeguards in a world of ambient intelligence, Springer Press, Dordrecht, p 291Google Scholar

Legal Acts

  1. 33.
    Universal Declaration of Human Rights, United Nations, 1948Google Scholar
  2. 34.
    European Convention on Human Rights of 4 November 1950Google Scholar
  3. 35.
    International Covenant on Civil and Political Rights, United Nations, 1966Google Scholar
  4. 36.
    Charter of Fundamental Rights of the European Union, OJ C 341, 18.12.2002, pp 1–22Google Scholar
  5. 37.
    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data on the free movement of such data, OJ L 281, 23/11/95, pp 31–50Google Scholar
  6. 38.
    Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) OJ L 201, 31/07/2002, pp 37–47Google Scholar
  7. 39.
    Directive 2006/24/EC of the European Parliament and of the Council on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ L 105, 13/4/2006, pp 54–63Google Scholar

Case Law

  1. 40.
    ECHR, Niemitz v. Germany (23.11.1992)Google Scholar
  2. 41.
    ECHR, Halford v. the United Kingdom (27.03. 1997)Google Scholar
  3. 42.
    ECHR, Khan v. the United Kingdom (12.03.2000)Google Scholar
  4. 43.
    ECHR, P·H. & J.H. v. the United Kingdom (25.12.2001)Google Scholar
  5. 44.
    ECHR, Copland v. the United Kingdom (3.04. 2007)Google Scholar

Copyright information

© Springer-Verlag London Limited 2008

Authors and Affiliations

  • Paul De Hert
    • 1
  • Serge Gutwirth
    • 1
    Email author
  • Anna Moscibroda
    • 1
  • David Wright
    • 1
  • Gloria González Fuster
    • 1
  1. 1.Vrije Universtiteit Brussel, Law Science Technology & Society (LSTS)BrusselsBelgium

Personalised recommendations